This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XSOAR: How to Retrieve a CSV File

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XSOAR: How to Retrieve a CSV File

JStephan
L3 Networker
‎08-16-2023 10:54 AM

Title_Cortex-XSOAR-Retrieving-CSV-file_palo-alto-networks.jpg

 

Read this short, on-point blog to learn how to retrieve a CSV file!

 

Fig 1_Cortex-XSOAR-Retrieving-CSV-file_palo-alto-networks.png

 

Today, I am demonstrating the retrieving of a CSV file via the XSOAR !http command for one of my customers. You can download a test spreadsheet here: Untitled-spreadsheet-Sheet1-1. Since you are here, let me tell you a bit more.

 

The task is to retrieve a CSV file via an HTTP call. The command will look like this:

unset
!http method="GET" url="https://cybernotdienst.de/wp-content/uploads/2023/07/
Untitled-spreadsheet-Sheet1-1.csv" unsecure="true" proxy="false" saveAsFile="yes"

 

This is the built-in command XSOAR supports from the start. As you can see, the URL points to the file above. We do NOT use the proxy and we want to save the file directly to the system.

 

With that command you will find a Context Key in XSOAR which describes the file:

Unset


Size:86
SHA1:ece8161f45d8e3f0b16eb2253caea45d0d679076
SHA256:cd00f63027fbb6b2a50b8c2257137749e1548abf9f1c217c8f1c1a42a179566c
SHA512:a5d3d608fb1dd60bdcc9e0937b1f7a47f7af1d27c2058fb9b9fa737c08a8e3627
c2a0e5e5ebec1e90ecf190233de579f9f0e9d5be13a6ee9e52e0a5d6c0d103a
Name:Untitled spreadsheet - Sheet1 (1).csv
SSDeep:3:AUhBx9IWmJGwFvpCFUZUTOhji7T:AS7vsEUoojin
EntryID:4@11288
Info:text/csv; charset=utf-8
Type:CSV text
MD5:ab8c27e05a3d12827ccd0dc671c70ce9
Extension:csv

 

And that's almost the complete trick, now we can use !ParseCSV on the EntryID above to get the CSV file parsed into the context data:

Unset

!ParseCSV entryID=4@11288

 

Now you can pack these commands into a Playbook and automate the tasks at hand.

 

You can add a Conditional with a filter, to avoid the ParseCSV to fail, because the file you wanted to download is not actually a CSV file.

Fig 2_Cortex-XSOAR-Retrieving-CSV-file_palo-alto-networks.png

This may be a harder way, as you need to retrieve the file.


Under normal circumstances we would expect that such a file is part of an incident, which makes it way easier, as the attached file will already be there and we just need to check if there is a CSV file and start the parsing.

 

Fig 3_Cortex-XSOAR-Retrieving-CSV-file_palo-alto-networks.png

 

Please reach out if you have any questions. Thank you for reading!

 

Labels:
  • 4020 Views
  • 0 comments
  • 3 Likes
Register or Sign-in
Labels
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks